OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: mschmidt on January 24, 2023, 11:43:13 am

Title: IDS not working after update to 22.10 Business
Post by: mschmidt on January 24, 2023, 11:43:13 am
Hello,
After we updated two OPNsense installations from different versions to 22.10, Suricata doesn't alert/drop packets anymore.
Before the updates, both installations had Suricata running in IPS mode with no problems.
We used VLANs as interfaces (not the WAN interface).
After it stopped working, I tested switching to the parent interface with promiscuous mode enabled.
I even reinstalled Suricata and only enabled the opnsense/test rule for EICAR.
When I do a test download of the EICAR file, the IDS does nothing.
Is there something else I can do?

Title: Re: IDS not working after update to 22.10 Business
Post by: mschmidt on February 17, 2023, 10:31:55 am
We have now also tested the various pattern matchers, but without success.
Does anyone have another idea?